New ZIUR report provides recommendations to protect access to IT and OT systems
ZIUR has published a new report on Role-based Access Control Systems (RBAC), which compiles a list of recommendations to take into account to effectively and safely implement these systems in an industrial organization.
With this report, the industrial cybersecurity center of Gipuzkoa seeks to help industrial entities in the territory to adopt protection measures to mitigate and address possible computer risks, taking into account the increase in connectivity of IT and OT systems.
In this sense, the report includes the previous steps to take into account to manage permits through this type of systems, as well as the benefits of their implementation. Likewise, the cybersecurity center carries out a review of the different possible implementations, taking into account the governance model implemented, the type of systems to be included, the number of affected users and the granularity of effective permissions, among other aspects.
In relation to the existing models, the document lists the 4 most used Control Management Systems implementation models and their characteristics, and explains the differences between a Role-based Access Control System (RBAC) and an Access Control Systems. Access based on Attributes (ABAC).
Finally, ZIUR offers a list of the main recommendations that companies should adopt to deploy a Role Management System in a secure manner.